1. Ubuntu Security Notices
  2. USN-6428-1

USN-6428-1: LibTIFF vulnerability

Publication date

11 October 2023

Overview

LibTIFF could be made to crash if it opened a specially crafted file.

Releases

Packages

  • tiff - Tag Image File Format (TIFF) library

Details

It was discovered that LibTIFF could be made to read out of bounds when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service.

It was discovered that LibTIFF could be made to read out of bounds when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
23.04 lunar libtiff-tools –  4.5.0-5ubuntu1.2
libtiff6 –  4.5.0-5ubuntu1.2
22.04 jammy libtiff-tools –  4.3.0-6ubuntu0.6
libtiff5 –  4.3.0-6ubuntu0.6
20.04 focal libtiff-tools –  4.1.0+git191117-2ubuntu0.20.04.10
libtiff5 –  4.1.0+git191117-2ubuntu0.20.04.10
18.04 bionic libtiff-tools –  4.0.9-5ubuntu0.10+esm3  
libtiff5 –  4.0.9-5ubuntu0.10+esm3  
16.04 xenial libtiff-tools –  4.0.6-1ubuntu0.8+esm13  
libtiff5 –  4.0.6-1ubuntu0.8+esm13  
14.04 trusty libtiff-tools –  4.0.3-7ubuntu0.11+esm10  
libtiff5 –  4.0.3-7ubuntu0.11+esm10  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›